Various forms of malware utilize vulnerabilities in operating system code to enable attackers to access and modify the security privileges available to a process, application or service. In many instances, such vulnerabilities enable shellcode to execute in a high-privileged, secured mode. Attackers customize the shellcode to steal or provide access to security information for high-privileged system processes. The stolen security information is used to replace the security information for a low-privileged process, thereby exploiting a “privilege escalation” vulnerability in the system.
It is with respect to these and other general considerations that the aspects disclosed herein have been made. Also, although relatively specific problems may be discussed, it should be understood that the examples should not be limited to solving the specific problems identified in the background or elsewhere in this disclosure.